Solved: Hi David,Do you still have

David Santos · ‎12-16-2013

Guys,

After a search in the docs I couldn´t find what is this status "Pending Deletion" in the "Blocked on" line.

sw#sh authentication sessions int gi 1/0/12 det

Interface: GigabitEthernet1/0/12

IIF-ID: 0xC6E48000006674

MAC Address: [omitted]

IPv6 Address: Unknown

IPv4 Address: 10.7.0.76

User-Name: [omitted]

Status: Authorized

Domain: DATA

Oper host mode: single-host

Oper control dir: both

Session timeout: N/A

Common Session ID: 0AFE0AF00022940F55761E56

Acct Session ID: 0x002443D3

Handle: 0xF90003C2

Current Policy: (Unnamed Policy)

Blocked On: Pending Deletion

Method status list:

Method State

dot1x Authc Success

mab Stopped

can someone explain me what is this?

phosawyer · ‎09-30-2015

For anyone looking for info on this problem. A bug has been reported:

https://tools.cisco.com/bugsearch/bug/CSCur26195

View solution in original post

Rolf Fischer · ‎08-18-2020

Today I found this old post when I was troubleshooting a similar problem with a MAB client.

In this particular case I was able to solve the problem by using the "forced" option of "clear authentication sessions mac".

switch#show auth sessions interface gi1/0/32 details
Interface: GigabitEthernet1/0/32
MAC Address: 0200.00cc.0f93
IPv4 Address: 192.168.240.151
User-Name: 02-00-00-CC-0F-93
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Current Policy: POLICY_Gi1/0/32
Blocked On: Pending Deletion
SM Accounting Feature


switc#clear auth sessions mac 0200.00cc.0f93 ?
forced Forcefully clear auth session. Use this as last resort


switch#clear auth sessions mac 0200.00cc.0f93 forced

View solution in original post

David Santos · ‎01-13-2014

What i´ve found so far:

so in this case,

D - Awaiting Deletion—Session deletion has

begun. One or more asynchronous actions are

currently in progress (either retrieving

accounting data from the platform or deleting

the IIF ID).

what does this mean? What is the IIF ID?

Anyone?

Tarik Admani · ‎01-13-2014

David,

I havent found any information on this myself and have not worked with a 3850 for any radius authentication. This will take some time on my end to get an answer for you. In the meantime and if this is an issue you may want to open a TAC case to see if an engineer can shed some light on this.

Thanks,

Tarik Admani
*Please rate helpful posts*

David Santos · ‎01-13-2014

Tarik,

I´m going to upgrade the sw to the last version.

Give me a couple of days to test this...

Jan Linhart · ‎02-24-2014

Hi David,

I am experiencing exactly same problem with 3850 and ISE 1.2 - everything works correctly with other switch types.

It worked some time but last few days this problem appeared.

Have you found the solution? My IOS version is 03.02.02.SE. I will try to upgrade tonight and hope it will work - otherwise I am going to open TAC case.

Jan

David Santos · ‎02-24-2014

Jan,

so far the client haven´t told me anything new concerning this subject. I think that the upgrade to 03.03.01SE resolved the problem.

Upgrade your Sw first and then tell me if it solved this problem.

Regards,

DS

Jan Linhart · ‎02-25-2014

Upgrade to version 03.03.02SE seems to solve this issue. It works now, but it worked before and than stopped, so I will confirm later.

mlinder01 · ‎04-22-2014

Hi David,

Do you still have this problem? Today i got an email from a customer which has this problem too... he has Cisco 3650 with IOS XE 03.03.02SE.

Thanks,

Manuel

David Santos · ‎04-22-2014

Nothing so far. I´ve got everything up and running.

DS

Jeremy N · ‎12-16-2014

I know this is an old thread, but I thought I'd mention that I've got a stack on 3.3.3SE with the same "stuck in deletion" problem for only one MAC address. We've had a wide range of dot1x/mab issues with these 3850's, so it's not too surprising that we're adding another one to the pile. I'm wondering if it wasn't your upgrade that fixed it, but rather the reboot required for the upgrade that did. We're getting ready to upgrade to 3.6.1 this weekend to resolve another dot1x issue we've been working on with Cisco TAC and developers. Did either of you ever see this issue come back?

phosawyer · ‎09-30-2015

For anyone looking for info on this problem. A bug has been reported:

https://tools.cisco.com/bugsearch/bug/CSCur26195

Rolf Fischer · ‎08-18-2020

Today I found this old post when I was troubleshooting a similar problem with a MAB client.

In this particular case I was able to solve the problem by using the "forced" option of "clear authentication sessions mac".

switch#show auth sessions interface gi1/0/32 details
Interface: GigabitEthernet1/0/32
MAC Address: 0200.00cc.0f93
IPv4 Address: 192.168.240.151
User-Name: 02-00-00-CC-0F-93
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Current Policy: POLICY_Gi1/0/32
Blocked On: Pending Deletion
SM Accounting Feature


switc#clear auth sessions mac 0200.00cc.0f93 ?
forced Forcefully clear auth session. Use this as last resort


switch#clear auth sessions mac 0200.00cc.0f93 forced

3850 with ISE - 802.1x Pending Deletion